
Earlier Monday, security company Aikido flagged that malicious package versions tied to the popular TanStack JavaScript


Compiled by KHAO Editorial — aggregated from 2 sources. See llms.txt for citation guidance.


Hours later, Aikido said several Mistral npm SDK packages had also been compromised as part of the same ongoing “Mini Shai-Hulud” campaign, including /mistralai, /mistralai-azure, and /mistralai-gcp.

Summary

Microsoft Threat Intelligence said in an X post on Monday that it is investigating a compromise of the mistralai PyPI package. Attackers reportedly injected malicious code that executed automatically on import, downloaded a secondary payload disguised as transformers.pyz, and launched malware on Linux systems. It is the latest incident that researchers believe may be linked to the broader “Mini Shai-Hulud” software supply-chain campaign targeting developer ecosystems.

According to Microsoft, the compromised mistralai package version 2.4.6 contained malicious code inserted into mistralai/client/__init__.py. Whenever the package was imported on a Linux machine, that code silently downloaded a file from a remote IP address to /tmp/transformers.pyz and executed it in the background. The filename appears deliberately chosen to resemble Hugging Face’s widely used Transformers AI framework, potentially allowing the malware to blend into machine learning environments and evade suspicion.

The disclosure comes amid a growing wave of software supply-chain compromises affecting both the npm and PyPI ecosystems.
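Because the reported code runs on import, a host can be checked for the indicators above (version 2.4.6, the modified mistralai/client/__init__.py, the /tmp/transformers.pyz drop) by reading metadata and parsing the file rather than importing it. This is an added example, not code from Microsoft, Aikido or the article; the function names and the list of suspect modules are assumptions made for illustration.

```python
import ast
import sysconfig
from importlib import metadata
from pathlib import Path

BAD_VERSION = "2.4.6"                      # version named in the report
DROP_PATH = "/tmp/transformers.pyz"        # payload path named in the report
INIT_REL = "mistralai/client/__init__.py"  # modified file named in the report
# Assumption: modules a package __init__ rarely needs; a heuristic, not an IoC.
SUSPECT_MODULES = {"urllib", "requests", "http", "socket", "subprocess"}

def installed_version(dist="mistralai"):  # metadata only; an import would run the code
    try:
        return metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None

def scan_init(source):
    """Statically list suspect imports and references to the dropped file name."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        names = []
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            names = [node.module]
        hits += [f"imports {n} (line {node.lineno})" for n in names
                 if n.split(".")[0] in SUSPECT_MODULES]
        # str() also covers bytes constants such as b"/tmp/transformers.pyz"
        if isinstance(node, ast.Constant) and "transformers.pyz" in str(node.value):
            hits.append(f"mentions transformers.pyz (line {node.lineno})")
    return hits

def triage(site_packages, version, drop_path=DROP_PATH):
    """Collect findings for one environment; never imports mistralai."""
    findings = []
    if version == BAD_VERSION:
        findings.append(f"mistralai {version} is the reported compromised version")
    init = Path(site_packages) / INIT_REL
    if init.is_file():
        source = init.read_text(encoding="utf-8", errors="replace")
        findings += [f"{INIT_REL}: {hit}" for hit in scan_init(source)]
    if Path(drop_path).exists():
        findings.append(f"{drop_path} exists on disk")
    return findings

if __name__ == "__main__":
    results = triage(sysconfig.get_paths()["purelib"], installed_version())
    print("\n".join(results) or "no reported indicators found")
    raise SystemExit(1 if results else 0)
```

Run it with the interpreter of the environment under review so that the metadata lookup and the site-packages path refer to that environment. The import findings are heuristic and need a manual look at the file.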